[BUGFIX] Do not create Install Tool cookie if not needed
This change corrects the Install Tool cookie handling in various ways: 1.) It is ensured that the cookie is removed on log off 2.) Session files (var/session/*) are always removed 3.) No cookie is set until it is really needed (during login) 4.) Session expire calculation is centralized into a single method This is done by adjusting the SessionService: - Move session_start() from the constructor to a dedicated method - Session existence check employs a cookie existence check before loading an existing session into memory and validating it - destroySession() now explicitly removes the cookie - renewSession() lets session_regenerate_id() deleted old session data The Install Tool is adjusted to separate action treatment for actions requiring session interaction and those not. Resolves: #92035 Releases: master, 10.4 Change-Id: Ie666831c3eb97279fad7870638b028a577fb68f7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65358 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Showing
- typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php 1 addition, 3 deletions...core/Classes/Authentication/BackendUserAuthentication.php
- typo3/sysext/install/Classes/Controller/BackendModuleController.php 1 addition, 0 deletions...xt/install/Classes/Controller/BackendModuleController.php
- typo3/sysext/install/Classes/Middleware/Installer.php 1 addition, 3 deletionstypo3/sysext/install/Classes/Middleware/Installer.php
- typo3/sysext/install/Classes/Middleware/Maintenance.php 32 additions, 39 deletionstypo3/sysext/install/Classes/Middleware/Maintenance.php
- typo3/sysext/install/Classes/Service/SessionService.php 54 additions, 20 deletionstypo3/sysext/install/Classes/Service/SessionService.php
Please register or sign in to comment